code-signing (log message and potential "fixes")

René J.V. Bertin rjvbertin at gmail.com
Fri Jun 3 07:45:48 PDT 2016


On Friday June 03 2016 10:21:49 Brandon Allbery wrote:
> On Fri, Jun 3, 2016 at 5:41 AM, René J. V. <rjvbertin at gmail.com> wrote:

> Ideally it shouldn't be allowing access to the user's chain at all.
> post-activate is a system level operation, not user level.

I think that's debatable in this context. I'm supposing someone who owns an official (paid) code-signing identity will store it in one of his/her keychains, not in the system keychain. Compare to `sudo codesign -s ID` which will access the sudo user's keychain just fine. Maybe an env. variable thing?

R.


More information about the macports-dev mailing list